security — active agentkit-forge, community, active, ide skills, framework, javascript, orchestration, phoenixvc, typescript, windows, Claude Code

v1.0.0
GitHub

关于此技能

非常适合需要在Windows优先环境中进行全面漏洞评估和密钥检测的多语言代理。 Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

# 核心主题

active framework javascript orchestration phoenixvc typescript
phoenixvc phoenixvc
[0]
[0]
更新于: 3/21/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 4/11

This page remains useful for operators, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Concrete use-case guidance Explicit limitations and caution
Review Score
4/11
Quality Score
42
Canonical Locale
en
Detected Body Locale
en

非常适合需要在Windows优先环境中进行全面漏洞评估和密钥检测的多语言代理。 Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

核心价值

赋予代理执行依赖项漏洞扫描、密钥检测、OWASP 合规性检查和权限审计,使用诸如依赖项漏洞扫描等协议生成详细的安全报告和严重性评级。

适用 Agent 类型

非常适合需要在Windows优先环境中进行全面漏洞评估和密钥检测的多语言代理。

赋予的主要能力 · security

为基于Windows的项目自动执行依赖项漏洞扫描
在多语言代码库中检测密钥
审计权限以符合OWASP标准

! 使用限制与门槛

  • 需要访问项目依赖项和代码库
  • Windows优先兼容性可能会限制其在非Windows环境中的适用性

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.
  • - The page lacks a strong recommendation layer.
  • - The underlying skill quality score is below the review floor.

Source Boundary

The section below is supporting source material from the upstream repository. Use the Killer-Skills review above as the primary decision layer.

实验室 Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

常见问题与安装步骤

以下问题与步骤与页面结构化数据保持一致,便于搜索引擎理解页面内容。

? FAQ

security 是什么?

非常适合需要在Windows优先环境中进行全面漏洞评估和密钥检测的多语言代理。 Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

如何安装 security?

运行命令:npx killer-skills add phoenixvc/agentkit-forge/security。支持 Cursor、Windsurf、VS Code、Claude Code 等 19+ IDE/Agent。

security 适用于哪些场景?

典型场景包括:为基于Windows的项目自动执行依赖项漏洞扫描、在多语言代码库中检测密钥、审计权限以符合OWASP标准。

security 支持哪些 IDE 或 Agent?

该技能兼容 Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer。可使用 Killer-Skills CLI 一条命令通用安装。

security 有哪些限制?

需要访问项目依赖项和代码库;Windows优先兼容性可能会限制其在非Windows环境中的适用性。

安装步骤

  1. 1. 打开终端

    在你的项目目录中打开终端或命令行。

  2. 2. 执行安装命令

    运行:npx killer-skills add phoenixvc/agentkit-forge/security。CLI 会自动识别 IDE 或 AI Agent 并完成配置。

  3. 3. 开始使用技能

    security 已启用,可立即在当前项目中调用。

! 参考页模式

此页面仍可作为安装与查阅参考,但 Killer-Skills 不再把它视为主要可索引落地页。请优先阅读上方评审结论,再决定是否继续查看上游仓库说明。

Imported Repository Instructions

The section below is supporting source material from the upstream repository. Use the Killer-Skills review above as the primary decision layer.

Supporting Evidence

security

安装 security,这是一款面向AI agent workflows and automation的 AI Agent Skill。支持 Claude Code、Cursor、Windsurf,一键安装。

SKILL.md
Readonly
Imported Repository Instructions
The section below is supporting source material from the upstream repository. Use the Killer-Skills review above as the primary decision layer.
Supporting Evidence
<!-- GENERATED by AgentKit Forge v3.1.0 — DO NOT EDIT --> <!-- Source: .agentkit/spec + .agentkit/overlays/agentkit-forge --> <!-- Regenerate: pnpm -C .agentkit agentkit:sync -->

security

Runs security-focused analysis: dependency vulnerability scanning, secret detection, OWASP compliance checks, and permission auditing. Generates a security report with severity ratings.

Usage

Invoke this skill when you need to perform the security operation.

Role

You are the Security Agent. Perform a structured security review. You do NOT fix issues — report them with severity, location, and remediation guidance.

Audit Categories

1. OWASP Top 10 Review

Check for: Broken Access Control (unprotected endpoints, IDOR), Cryptographic Failures (weak hashing, hardcoded keys), Injection (SQL, command, XSS, path traversal, NoSQL), Insecure Design (client-only controls, missing rate limiting), Security Misconfiguration (permissive CORS, missing security headers), Authentication Failures (session management, JWT validation, password storage), Data Integrity (CI/CD protection, dependency integrity), Logging Failures (auth event logging, log injection protection), SSRF (user-controlled server-side URLs).

2. Dependency Audit

Run the stack-appropriate scanner: npm audit, cargo audit, pip-audit, govulncheck. Report: total vulnerabilities, severity breakdown, top 5 most severe with CVEs.

3. Authentication & Authorization Flow

Trace auth end-to-end: method, middleware, protected vs. public endpoints, token lifecycle, password storage, privilege escalation paths.

4. Hardcoded Secrets Scan

Search for: API keys, AWS keys, private keys, connection strings, passwords, tokens, committed .env files. Exclude test fixtures with obviously fake values.

Severity Classification

SeverityCriteria
CRITICALExploitable remotely, no auth required, data breach or RCE possible
HIGHLow complexity exploit, auth bypass, significant data exposure
MEDIUMRequires specific conditions, limited impact, defense-in-depth gap
LOWBest practice violation, minimal direct impact

Output

Produce: Executive Summary, Risk Score, Findings by severity (with ID, file:line, category, description, impact, remediation, references), Dependency Vulnerabilities table, Hardcoded Secrets table, Auth Flow Assessment, Positive Security Practices, and Recommended Priority Actions.

Rules

  1. Do NOT fix anything — report only.
  2. Do NOT print actual secret values.
  3. Minimize false positives — mark uncertain items as "potential".
  4. Be specific about remediation (exact file and line).
  5. Exclude test fixtures from secret scanning.

Project Context

  • Repository: agentkit-forge
  • Default branch: main
    • Tech stack: javascript, yaml, markdown

Conventions

  • Write minimal, focused changes
  • Maintain backwards compatibility
  • Include tests for behavioral changes
  • Never expose secrets or credentials
  • Follow the project's established patterns

相关技能

寻找 security 的替代方案 (Alternative) 或可搭配使用的同类 community Skill?探索以下相关开源技能。

查看全部

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
AI

widget-generator

Logo of f
f

为prompts.chat的信息反馈系统生成可定制的插件小部件

149.6k
0
AI

flags

Logo of vercel
vercel

React 框架

138.4k
0
浏览器

pr-review

Logo of pytorch
pytorch

Python中具有强大GPU加速的张量和动态神经网络

98.6k
0
开发者工具